04-05-2023 05:19 AM
Hi Team,
We have created a new premium workspace with a custom managed VPC, and the workspace deployed successfully in AWS. We are trying to create a folder in DBFS and we are getting the error below. We have compared the cross-account custom managed role (Customer-managed VPC with custom policy restrictions), but we are still getting "GetObjectMetadataRequest" forbidden. I am not seeing an issue in terms of permissions. Has anything been updated from the Databricks metastore end?
Caused by: java.nio.file.AccessDeniedException: s3a://xxxxx/nvirginia-prod/xxxx.meta/mounts:
getFileStatus on s3a://xxxxx nvirginia-prod/xxxx.meta/mounts:
com.amazonaws.services.s3.model.AmazonS3Exception:
Forbidden; request: HEAD https://xxxx nvirginia-prod/xxxxx.meta/mounts {} Hadoop 2.7.7, aws-sdk-java/1.12.261 Linux/5.4.0-1096-aws OpenJDK_64-Bit_Server_VM/25.342-b07 java/1.8.0_342 scala/2.12.15 kotlin/1.6.21 vendor/Private_Build cfg/retry-mode/legacy com.amazonaws.services.s3.model.GetObjectMetadataRequest; Request ID: xxxx, Extended Request ID: xxxxx, Cloud Provider: AWS, Instance ID: i-xxxx
(Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: xxxxx; S3 Extended Request ID: xxxxx=; Proxy: null)
, S3 Extended Request ID: xxxxxxx=:403 Forbidden
04-05-2023 10:48 PM
Hi, The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it. Could you please check the S3 permissions and other related permissions in IAM?
Also, please tag @Debayan with your next response, which will notify me. Thank you!
04-06-2023 05:44 AM
@Debayan Mukherjee Yes, we have compared the IAM cross-account role and bucket permissions, and everything looks good as per Databricks recommendations. We have picked the custom VPC policy and applied that.
04-07-2023 07:31 AM
@Debayan Mukherjee The client is still on the free version; within 3 days it will be converted to premium. Is the above issue because of the free tier?
04-10-2023 10:04 PM
@karthik p Can you please check and confirm now?
04-17-2023 01:45 PM
@Debayan Mukherjee Issue resolved. It looks like the cloud team had not updated the required security groups that had been shared; after revisiting them we were able to find the missing security groups and added them.
04-17-2023 10:02 PM
@karthik p, Thanks for the confirmation. Glad to know!